Mandriva Linux Security Advisory 2011-010 - Multiple vulnerabilities has been found and corrected in xfig. Stack-based buffer overflow in the read_1_3_textobject function in f_readold.c in Xfig 3.2.5b and earlier, and in the read_textobject function in read1_3.c in fig2dev in Transfig 3.2.5a and earlier, allows remote attackers to execute arbitrary code via a long string some of these details are obtained from third party information. Stack consumption vulnerability in u_bound.c in Xfig 3.2.5b and earlier allows remote attackers to cause a denial of service (application crash) via a long string in a malformed.fig file that uses the 1.3 file format, possibly related to the readfp_fig function in f_read.c. Stack-based buffer overflow in Xfig 3.2.4 and 3.2.5 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a FIG image with a crafted color definition.
09d1fc018db224e0d18827daac38a09a99348bd9d33232ed27421afb056fd732-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2011:010
http://www.mandriva.com/security/
_______________________________________________________________________
Package : xfig
Date : January 15, 2011
Affected: 2009.0, 2010.0, 2010.1, Corporate 4.0
_______________________________________________________________________
Problem Description:
Multiple vulnerabilities has been found and corrected in xfig:
Stack-based buffer overflow in the read_1_3_textobject function in
f_readold.c in Xfig 3.2.5b and earlier, and in the read_textobject
function in read1_3.c in fig2dev in Transfig 3.2.5a and earlier,
allows remote attackers to execute arbitrary code via a long string
in a malformed .fig file that uses the 1.3 file format. NOTE:
some of these details are obtained from third party information
(CVE-2009-4227).
Stack consumption vulnerability in u_bound.c in Xfig 3.2.5b and earlier
allows remote attackers to cause a denial of service (application
crash) via a long string in a malformed .fig file that uses the 1.3
file format, possibly related to the readfp_fig function in f_read.c
(CVE-2009-4228).
Stack-based buffer overflow in Xfig 3.2.4 and 3.2.5 allows remote
attackers to cause a denial of service (crash) and possibly execute
arbitrary code via a FIG image with a crafted color definition
(CVE-2010-4262).
Packages for 2009.0 are provided as of the Extended Maintenance
Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490
The updated packages have been patched to correct these issues.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4227
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4228
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4262
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2009.0:
e39602fc8ee985c8b9a53872593a0f81 2009.0/i586/xfig-3.2.5-4.1mdv2009.0.i586.rpm
1939fb7dc9bea4407c6ef8fac24ed8cf 2009.0/SRPMS/xfig-3.2.5-4.1mdv2009.0.src.rpm
Mandriva Linux 2009.0/X86_64:
2d23d023c54c3e97e0785a4c132e6920 2009.0/x86_64/xfig-3.2.5-4.1mdv2009.0.x86_64.rpm
1939fb7dc9bea4407c6ef8fac24ed8cf 2009.0/SRPMS/xfig-3.2.5-4.1mdv2009.0.src.rpm
Mandriva Linux 2010.0:
fa216772dd4e5cce2646af8e3fdab037 2010.0/i586/xfig-3.2.5b-1.3mdv2010.0.i586.rpm
a5d6698dd7015208f7c2bdaa94eaded8 2010.0/SRPMS/xfig-3.2.5b-1.3mdv2010.0.src.rpm
Mandriva Linux 2010.0/X86_64:
41a861a853686f15faf79ac78d23f01b 2010.0/x86_64/xfig-3.2.5b-1.3mdv2010.0.x86_64.rpm
a5d6698dd7015208f7c2bdaa94eaded8 2010.0/SRPMS/xfig-3.2.5b-1.3mdv2010.0.src.rpm
Mandriva Linux 2010.1:
6246b2d654ecc3208eb6a1484e656680 2010.1/i586/xfig-3.2.5b-3.1mdv2010.2.i586.rpm
1d0ca214e51934ffe9d52e7a4ed9b589 2010.1/SRPMS/xfig-3.2.5b-3.1mdv2010.2.src.rpm
Mandriva Linux 2010.1/X86_64:
e967afae295de665073e0c9ef751e86d 2010.1/x86_64/xfig-3.2.5b-3.1mdv2010.2.x86_64.rpm
1d0ca214e51934ffe9d52e7a4ed9b589 2010.1/SRPMS/xfig-3.2.5b-3.1mdv2010.2.src.rpm
Corporate 4.0:
66396295f199c85cdba5b7c83efd82c6 corporate/4.0/i586/xfig-3.2.5-0.4.20060mlcs4.i586.rpm
047a3ee6ff83f35c6c7a167f442af9b8 corporate/4.0/SRPMS/xfig-3.2.5-0.4.20060mlcs4.src.rpm
Corporate 4.0/X86_64:
0089a3e8d5436d7ea3a72afad505a39b corporate/4.0/x86_64/xfig-3.2.5-0.4.20060mlcs4.x86_64.rpm
047a3ee6ff83f35c6c7a167f442af9b8 corporate/4.0/SRPMS/xfig-3.2.5-0.4.20060mlcs4.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFNMfMSmqjQ0CJFipgRAuy4AJ9cJPnx510QGOr4rS0WWSd98c105gCgwS0l
51YvC5zhkNyiQiTTb57njsA=
=bct3
-----END PGP SIGNATURE-----
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed